ACL on Categories/Products coming in v2.7 will be a big step forward for Nop, for it has applications in several situations, including in some types of multi-stores. I have taken quite an amount of time to think how to make it effective (applicable to different kind of tasks), efficient (performance wise) and simple to develop and to administrate. So here are my two cents for this project:
ACL on Categories
This was implemented in v1.9 setting ACL in certain categories to hide them form some customer roles. I guess this approach was to make it compatible with most stores which show all categories to all roles; so it was easy to just hide some categories when needed. But in practice when you need ACL is to hide some categories from all, but some specific roles. With this approach there is also a conflict when a customer has several roles; some that hide a category and other that don't hide it.
Therefore I think it is better to have the opposite approach: have a property which states whether the the category is subject to ACL or not. If it is subject to ACL then it will be hidden (unpublished) to all customer roles except those set for publishing it. I think the approach of the v1.9 for the administration can be kept: an ACL tab in category for selecting/deselecting the customer roles for which the category will be shown.
Another problem with the ACL in v1.9 is that products within a hidden category could still be found with the search tool. It isn't wise then to hide in the search function products of hidden categories because it will affect performance and a conflict can arise when a product is in various categories; some hidden and some others not-hidden; or when there is the setting to publish the all the products within sub-categories of a category. Therefore for this is wiser to use the ACL on products.
ACL on Products
I think for products can be applied the same approach as for categories: define which are subject to ACL and for which roles they will be published as well as an ACL tab in the administration.
ACL on Manufacturers
An ACL on Manufacturers alike ACL on Categories can be also very useful and simple to develope.
Bulk ACL on Products
This feature, alike Bulk edit product variants, will be required when there is ACL on several categories or products. It needs a search products by product name, category, manufacturer and SKU, as well by ACL Applied (true/false) and to which role. The resulting edit grid contains name and SKU and columns for selection/deselection of ACL Applies and each one of the roles. It will be very convenient to have tools for selection/deselection of each column.
When the store has many categories and products and requires ACL on several of them it will be more practical to use SQL queries or import tables from Excel.
EXAMPLES
The best way to validate all this is to test it with some real life cases that I know, so here it is:
Case 1) Special Categories/Products: B2C store which offers and Outlet for VIP and Premium customers plus exclusive products for the later.
Solution: Create a category Outlet and set ACL for them and their product with access to VIP and Premium roles and another category Exclusives with ACL access to Premium role.
Case 2) Multi-store B2B/C: Office supplies (around 8000 products) B2C/B store. All categories and products at regular prices visible in B2C and for B2B:
- 3 roles (A, B, and C) with all products/categories visible at price levels A, B and C
- Special customer (type 1) which have a special agreement to only buy form a subset (50 to 300 products)of the catalog at previously negotiated prices.
- Other special customers (type2) with an agreement for a subset who can also buy from the rest of catalog at price level A
Solution: Define roles A, B and C and set ACL to all products and categories and make it visible to customer roles Guests, Registered, A, B and C: Define price levels (with Tiered Prices by Customer role) for roles A, B and C. Create special categories S1, S2, S3, ... with ACL access for alike customer (type 1) roles (S1, S2, S3, ...) with the corresponding subsets of products. Likewise create roles and categories SS1, SS2, SS3, ... for customer type 2 and also assign them customer role A.
Case 3- [b]Wholesale for different type of Customers[/b]: A wholesaler of bicycles of different manufacturers/brands and their parts and accessories. They have a public catalog of their products. They have 4 price levels (P1, P2, ...) and two types of customers: some who buy from all brands and the rest who buy form "regular brands" plus some of the other "special brands" (B1, B2, ...).
Solution:
-Create roles P1, P2, ... and A and B1, B2, ....
-With present ACL configuration hide prices, cart and wishlist for Guests (Registered will not be active in practice since ther will be no registration).
-Set ACL on special brands B1, B2, ... and their products.
-Give access on these brands to the corresponding roles B1, B2, ... and to role A to all special brands.
-With Tiered Prices define price levels for roles P1, P2, ...
-Assign to customers of first type their corresponding role for their price level (P1, P2, ...) and to the role A (for access to all special brands).
-Assign to customers of second type their corresponding role for their price level (P1, P2, ...) plus to the role(s) corresponding to the brand(s) (B1, B2, ...) to which they can have access.
Case 4) Multi-store: A pizza chain with more than 100 shops countrywide. There are around 10 types of shops (T1, T2, ...) which, based on their geographic location, offer different products (ingredients) and different price schedules.
Solution: Create 10 customer roles (T1, T2, ...) corresponding to the 10 shop types and set ACL on products/categories and prices (with Tiered Prices) for each one. When a customer wants to enter to store hi is asked the Postal Code where the order is going to be delivered and he is assigned (or updated in case he previously had one) a customer role according to the type of shop nearby which is going to deliver the order. Thus the customer will see the corresponding products and prices